From 6d5ada252202bfb29eba884cf9567e969d798607 Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Tue, 9 Jul 2019 22:02:07 +0200
Subject: Added validation to AuthController

---
 tests/Unit/Controllers/AuthControllerTest.php | 61 ++++++++++++++++-----------
 1 file changed, 37 insertions(+), 24 deletions(-)

(limited to 'tests')

diff --git a/tests/Unit/Controllers/AuthControllerTest.php b/tests/Unit/Controllers/AuthControllerTest.php
index 0fad3b6d..d3dbfa4b 100644
--- a/tests/Unit/Controllers/AuthControllerTest.php
+++ b/tests/Unit/Controllers/AuthControllerTest.php
@@ -4,15 +4,21 @@ namespace Engelsystem\Test\Unit\Controllers;
 
 use Engelsystem\Controllers\AuthController;
 use Engelsystem\Helpers\Authenticator;
+use Engelsystem\Http\Exceptions\ValidationException;
 use Engelsystem\Http\Request;
 use Engelsystem\Http\Response;
 use Engelsystem\Http\UrlGeneratorInterface;
+use Engelsystem\Http\Validation\Validates;
+use Engelsystem\Http\Validation\Validator;
 use Engelsystem\Models\User\Settings;
 use Engelsystem\Models\User\User;
 use Engelsystem\Test\Unit\HasDatabase;
+use Illuminate\Support\Collection;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\HttpFoundation\Session\SessionInterface;
+use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
 
 class AuthControllerTest extends TestCase
 {
@@ -21,6 +27,7 @@ class AuthControllerTest extends TestCase
     /**
      * @covers \Engelsystem\Controllers\AuthController::__construct
      * @covers \Engelsystem\Controllers\AuthController::login
+     * @covers \Engelsystem\Controllers\AuthController::showLogin
      */
     public function testLogin()
     {
@@ -31,6 +38,10 @@ class AuthControllerTest extends TestCase
         /** @var Authenticator|MockObject $auth */
         list(, $session, $url, $auth) = $this->getMocks();
 
+        $session->expects($this->once())
+            ->method('get')
+            ->with('errors', [])
+            ->willReturn(['foo' => 'bar']);
         $response->expects($this->once())
             ->method('withView')
             ->with('pages/login')
@@ -42,7 +53,6 @@ class AuthControllerTest extends TestCase
 
     /**
      * @covers \Engelsystem\Controllers\AuthController::postLogin
-     * @covers \Engelsystem\Controllers\AuthController::authenticateUser
      */
     public function testPostLogin()
     {
@@ -51,10 +61,12 @@ class AuthControllerTest extends TestCase
         $request = new Request();
         /** @var Response|MockObject $response */
         $response = $this->createMock(Response::class);
-        /** @var SessionInterface|MockObject $session */
         /** @var UrlGeneratorInterface|MockObject $url */
         /** @var Authenticator|MockObject $auth */
-        list(, $session, $url, $auth) = $this->getMocks();
+        list(, , $url, $auth) = $this->getMocks();
+        $session = new Session(new MockArraySessionStorage());
+        /** @var Validator|MockObject $validator */
+        $validator = new Validator(new Validates());
 
         $user = new User([
             'name'          => 'foo',
@@ -63,7 +75,7 @@ class AuthControllerTest extends TestCase
             'api_key'       => '',
             'last_login_at' => null,
         ]);
-        $user->forceFill(['id' => 42,]);
+        $user->forceFill(['id' => 42]);
         $user->save();
 
         $settings = new Settings(['language' => 'de_DE', 'theme' => '']);
@@ -76,41 +88,42 @@ class AuthControllerTest extends TestCase
             ->with('foo', 'bar')
             ->willReturnOnConsecutiveCalls(null, $user);
 
-        $response->expects($this->exactly(3))
+        $response->expects($this->once())
             ->method('withView')
-            ->withConsecutive(
-                ['pages/login', ['errors' => ['auth.no-nickname'], 'show_password_recovery' => true]],
-                ['pages/login', ['errors' => ['auth.no-password'], 'show_password_recovery' => true]],
-                ['pages/login', ['errors' => ['auth.not-found'], 'show_password_recovery' => true]])
+            ->with('pages/login', ['errors' => Collection::make(['auth.not-found']), 'show_password_recovery' => true])
             ->willReturn($response);
         $response->expects($this->once())
             ->method('redirectTo')
             ->with('news')
             ->willReturn($response);
 
-        $session->expects($this->once())
-            ->method('invalidate');
-
-        $session->expects($this->exactly(2))
-            ->method('set')
-            ->withConsecutive(
-                ['user_id', 42],
-                ['locale', 'de_DE']
-            );
-
+        // No credentials
         $controller = new AuthController($response, $session, $url, $auth);
-        $controller->postLogin($request);
+        $controller->setValidator($validator);
+        try {
+            $controller->postLogin($request);
+            $this->fail('Login without credentials possible');
+        } catch (ValidationException $e) {
+        }
+
+        // Missing password
+        $request = new Request([], ['login' => 'foo']);
+        try {
+            $controller->postLogin($request);
+            $this->fail('Login without password possible');
+        } catch (ValidationException $e) {
+        }
 
-        $request = new Request(['login' => 'foo']);
-        $controller->postLogin($request);
-
-        $request = new Request(['login' => 'foo', 'password' => 'bar']);
         // No user found
+        $request = new Request([], ['login' => 'foo', 'password' => 'bar']);
         $controller->postLogin($request);
+        $this->assertEquals([], $session->all());
+
         // Authenticated user
         $controller->postLogin($request);
 
         $this->assertNotNull($user->last_login_at);
+        $this->assertEquals(['user_id' => 42, 'locale' => 'de_DE'], $session->all());
     }
 
     /**
-- 
cgit v1.2.3-54-g00ecf